I hate hardware tokens. Recently got one from my bank. I'm switching banks. I just don't see any advantage over a phone app (plus a phone app can offer better notifications).
Yes, but then it's not 2FA, it's notifications in the app you're probably using for banking, so now it's 1FA.
That's fine for sending £100 to an account already in your list of payees, but to set up a new account, where's the second factor in an app? That, to me, seems a large step backwards.
Well, you need (1) my phone and (2) my fingerprint, so technically it is 2FA. They could easily require (1) my password and (2) my phone, so still 2FA.
2FA is usually fake anyways, there's usually a way to reset stuff with only one factor (e.g. use phone number to reset password, or login with password and change phone number, ... same with PIN), so it's all a misnomer anyways.
